2017 Cost of Data Breach Study: Global Overview

Benchmark research sponsored by IBM Security
Independently conducted by Ponemon Institute LLC
June 2017
Ponemon Institute Research Report

Part 1. Introduction

IBM Security and Ponemon Institute are pleased to release the 2017 Cost of Data Breach Study: Global Overview. According to our research, the average total cost of data breach for the 419 companies participating in this research decreased from $4.00 to $3.62 million [2]. The average cost for each lost or stolen record containing sensitive and confidential information also significantly decreased from $158 in 2016 to $141 in this year's study. However, despite the decline in the overall cost, companies in this year's study are having larger breaches. The average size of the data breaches in this research increased 1.8 percent.

This year, a strong U.S. dollar significantly influenced the global cost analysis and contributed to the decline in the cost. As shown above, the cost of data breach declined $17 and approximately $8 (48 percent) of this decline can be attributed to currency rate fluctuation [3]. For purposes of consistency with prior years, we decided to continue to use the same accounting method rather than adjust the cost. It is important to note that this issue only affects the global analysis because all country-level results are shown in local currencies.

This year's study included the following 11 country and two regional samples:
- The United States
- The United Kingdom
- Germany
- Australia
- France
- Brazil
- Japan
- Italy
- India
- Canada
- South Africa
- The Middle East (including the United Arab Emirates and Saudi Arabia)
- ASEAN region (including Singapore, Indonesia, the Philippines and Malaysia)

All participating organizations experienced a data breach ranging from approximately 2,600 to slightly less than 100,000 compromised records. We define a compromised record as one that identifies the natural person whose information has been lost or stolen in a data breach. The terms "cost per compromised record" and "per capita cost" have equivalent meaning in this report.

In addition to presenting trends in the various components of the cost of data breach, the global study determines the likelihood that an organization will have one or more data breaches in the next 24 months. Two factors were used to determine the probability of a future data breach: the current data breach size and the organizations' location. Based on this year's research, we estimate an average probability of 27.7 percent that organizations in this study will have a material data breach in the next 24 months. Last year, the average probability was 25.6 percent.

This report is dated in the year of publication rather than the year of fieldwork completion. Please note that the majority of data breach incidents studied in the current report happened in the 2016 calendar year.

[2] Local currencies were converted to U.S. dollars.

[3] The conversion from local currencies to the U.S. dollar deflated the per capita and average total cost estimates, especially for companies in the U.K., Germany, France and Italy (e.g., the Pound (£) and Euro (€)).

Global study at a glance

- 419 companies in 13 country or regional samples
- $3.62 million is the average total cost of data breach
- 10% one-year decrease in average total cost
- $141 is the average cost per lost or stolen record
- 11.4% one-year decrease in the per capita cost
- 27.7% is the likelihood of a recurring material data breach over the next two years
- 2.1% increase in the likelihood of a recurring material data breach

Organizations in South Africa, India and Brazil are those most likely to experience a material data breach involving 10,000 or more records over the next 24 months. At 41 percent, South Africa has the highest probability of experiencing a data breach in the next 24 months. At 14.5 percent, Canada has the lowest probability of having a future data breach. A material data breach is one that involves a minimum of 1,000 lost or stolen records containing personal information about consumers or customers. This research does not include data breaches involving high-value information assets such as intellectual property, trade secrets and business confidential information.

Why the cost of data breach fluctuates across countries

What explains the significant increases in the cost of data breach this year for organizations in the Middle East, the United States and Japan? In contrast, how did organizations in Germany, France, Australia, and the United Kingdom succeed in reducing the costs to respond to and remediate the data breach? Understanding how the cost of data breach is calculated will explain the differences among the countries in this research.

For the 2017 Cost of Data Breach Study: Global Overview, we recruited 419 organizations in 11 countries and two regions to participate in this year's study.
More than 1,900 individuals who are knowledgeable about the data breach incident in these 419 organizations were interviewed. The first data points we collected from these organizations were: (1) how many customer records were lost in the breach (i.e. the size of the breach) and (2) what percentage of their customer base did they lose following the data breach (i.e. customer churn). This information explains why the costs increase or decrease from the past year.

In the course of our interviews, we also asked questions to determine what the organization spent on activities for the discovery of and the immediate response to the data breach, such as forensics and investigations, and those conducted in the aftermath of discovery, such as the notification of victims and legal fees. A list of these activities is shown in Part 3 of this report. Other issues covered that may have an influence on the cost are the root causes of the data breach (i.e. malicious or criminal attack, insider negligence or system glitch) and the time to detect and contain the incident.

It is important to note that only events directly relevant to the data breach experience of the 419 organizations represented in this research and discussed above are used to calculate the cost. For example, new regulations, such as the General Data Protection Regulation (GDPR), ransomware and cyber attacks, such as Shamoon, may encourage organizations to increase investments in their governance practices and security-enabling technologies but do not directly affect the cost of a data breach as presented in this research.

The calculation of the components of the cost of data breach that affect the cost

The following information presents the data that is used to calculate the cost and the factors that may increase or decrease these costs.
We believe such information will help organizations make better decisions about how to allocate resources to minimize the financial consequences when the inevitable data breach strikes.

- The unexpected and unplanned loss of customers following a data breach (churn rate)

Programs that preserve customer trust and loyalty in advance of the breach will help reduce the number of lost business/customers. In this year's research, more organizations worldwide lost customers as a result of their data breaches. However, as shown, having a senior-level leader such as a chief privacy officer or chief information security officer who will be able to direct initiatives that improve customers' trust in how the organization safeguards their personal information will reduce churn and the cost of the breach. Organizations that offer data breach victims breach identity protection in the aftermath of the breach are also more successful in reducing churn.

- The size of the breach or the number of records lost or stolen

It makes sense that the more records lost, the higher the cost of data breach. Therefore, data classification schema and retention programs are critical to having visibility into the sensitive and confidential information that is vulnerable to a breach and reducing the volume of such information.

- The time it takes to identify and contain a data breach

The faster the data breach can be identified and contained, the lower the costs. In this year's study, organizations were able to reduce the days to identify the data breach from an average of approximately 201 in 2016 to 191 days and the average days to contain the data breach from 70 to 66 days. We attribute these improvements to investments in such enabling security technologies as security analytics, SIEM, enterprise-wide encryption and threat intelligence sharing platforms.

In contrast, security complexity and the deployment of disruptive technologies can affect the time to detect and contain a data breach. Although some complexity in an IT security architecture is expected to deal with the many threats facing organizations, too much complexity can impact the ability to respond to data breaches. Disruptive technologies, access to cloud-based applications and data as well as the use of mobile devices (including BYOD and mobile apps) increase the complexity of dealing with IT security risks and data breaches. As shown in the research, cloud migration at the time of the data breach and mobile platforms were shown to increase the cost.

- The detection and escalation of the data breach incident

Detection and escalation costs include forensic and investigative activities, assessment and audit services, crisis team management and communications to executive management and board of directors. Investments in governance, risk management and compliance (GRC) programs that establish an internal framework for satisfying governance requirements, evaluating risk across the enterprise and tracking compliance with governance requirements can improve an organization's ability to detect and escalate a data breach.

- Post data breach costs, including the cost to notify victims

These costs include help desk activities, inbound communications, special investigative activities, remediation, legal expenditures, product discounts, identity protection services and regulatory interventions. The United States had the highest notification costs. The purchase of cyber and data breach insurance can help manage the financial consequences of the incident. As shown in this year's study, insurance protection and business continuity management reduced the cost of data breach following the discovery of the incident.

In contrast, the rush to notify victims without understanding the scope of the breach, compliance failures and the engagement of consultants all increase post data breach costs. Expenditures to resolve lawsuits also increase post data breach costs.